To Customer Support To Customer Support
Solved

Another false positive for W32.Malware.Gen - This time in xvid.dll, xvidcore.dll

  • 21 March 2013
  • 5 replies
  • 122 views
H
Rank
Using 2013 version of the software. Today it flagged the  xvid.dll and xvidcore.dll files in my Windows 7 system32 directory. The last modified dates for the dll's were from 2004, and this isn't the first time I've gotten false positives with SecvureAnywhere 2013, and at least one of the other incidents was also for the W32.Malware.Gen.
 
In the past they were pretty much associated with downloaded executables, and I didn't mind deleting them, since they were usuyally older archived versions; but I wasn't about to delete any dll's without rechecking. A Webroot rescan picked up the same files. I then scanned the directory with Emsisoft's malware detector, and it found nothing.
 
I'm becoming concerned about these false positives. Are others finding this happening repeatedly?
 
----------------------------------------------------------------------------------------------------------------------------------------
[b] c:windowssystem32xvid.dll [MD5: 4581AC2AAD750548AC6B4AA6A06D1926] [Flags: 00080000.11333] [Threat: W32.Malware.Gen]
[b] c:windowssystem32xvidcore.dll [MD5: 06E70FF8D74F243C32BC38E00837E193] [Flags: 00080000.11335] [Threat: W32.Malware.Gen]
icon

Best answer by Rakanisheu Retired 21 March 2013, 16:17

View original

5 replies

shorTcircuiT
Userlevel 7
Hello harried and welcome to the Community!
 
False positives do not seem to be a problem for most users, but please Submit a Trouble Ticket as that is the best way to report such issues.
New to the Community? Register now and start posting! "If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!" WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)
Rakanisheu Retired
Userlevel 7
Hello,
 
Thanks for the feedback, I have fixed those false positives and they should no longer be detected. With any AV software there will be some false positives but we generally have a very low number of FP`s  considering the large volume of malware that we detect every day.
 
Webroot will not remove any critical Windows files that are needed to it to boot but there is no harm in submitting a troubleshooting ticket so we can take a look at any detection if you are ever concerned. The detection name (W32.Malware.Gen) is a generic malware group name that is used by the industry.
 
Thanks,
Roy
Threat Research
shorTcircuiT
Userlevel 7
@ wrote:
Hello,
 
Thanks for the feedback...........
Thanks,
Roy
Threat Research

Roy, it is GREAT to see you becoming more active on here!
New to the Community? Register now and start posting! "If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!" WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)
H
Rank
Thanks for the prompt responses and help! I had submitted a question about the incident under the support "other" option. I'm not sure if that's what the trouble ticket is. I looked at the form for submitting a false positive, but that was for the software vendor.
Rakanisheu Retired
Userlevel 7
I`ll keep an eye out for the ticket. The files have been marked good in any case but there is no harm in having a ticket as we can keep a record of any issue that you have had .

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.